In multimedia systems that may be accessed by many different users, creating a secure access control management mechanism may be necessary in order to define and administer the access rights or privileges of the different users. An example of such a multimedia system may be a set-top box where manufacturers, vendors, operators, and/or home users may have an interest in accessing at least some limited functionality of the system. In some instances, a single device, such as a security processor for example, may be utilized to administer access control to various subsystems in a multimedia system. The security processor may operate independently of other components, devices, and/or subsystems in the multimedia system when determining access rights or privileges of different users to various features in the multimedia system. For example, vendors may have limited access to some of the functions that may be accessible by the manufacturer. Home users may only have access to a subset of the vendors' access rights.
In some instances, secure access control may be managed based on an access control matrix that may be generated as part of the multimedia system design to specify access conditions of each security component supported by the system. Table 1 illustrates an access control matrix implemented as a two-dimensional array that comprises the set of rights, R(i,j), that provide the system with the appropriate commands for a particular user i to access a particular security component (SC) j. For example, user 1 may have an R(1,2) access right to security component SC 2, while user i may have an R(i,j) access right to security component SC j.
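TABLE 1. Access control matrix in a two-dimensional array.

|        | SC 1    | SC 2    | . . . | SC j    | . . . |
|--------|---------|---------|-------|---------|-------|
| user 1 | R(1, 1) | R(1, 2) | . . . | R(1, j) | . . . |
| user 2 | R(2, 1) | R(2, 2) | . . . | . . .   | . . . |
| . . .  | . . .   | . . .   | . . . | . . .   | . . . |
| user i | R(i, 1) | . . .   | . . . | R(i, j) | . . . |
| . . .  | . . .   | . . .   | . . . | . . .   | . . . |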
However, there may be several limitations with such a straightforward implementation. On a typical security system, the number of user modes and security components may be sufficiently large that the size of the access control matrix may require large amounts of memory. There may be a significant number of entries in the access control matrix that may correspond to instances when access rights may not be granted and/or instances when the access rights may be the same for multiple user modes and/or for multiple security components, such as default settings, for example. The addition or removal of user modes or security components may require careful implementation of additional hardware and/or software complexity in order to manage the access control matrix without introducing security concerns that may result from the additional complexity. Moreover, the concurrent operation of more than one user mode may present security concerns when the rights associated with a particular security component result in a conflict between the concurrent user modes.
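The dense matrix of Table 1 and two of the limitations just described (cells that only record "no access", and differing rights between concurrently active user modes) can be seen in a small added example, which is not part of the original text. The user modes, component count, rights bits and the intersection rule in `effective_rights` are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sizes and rights encoding; none of these values come from the text. */
enum { N_USERS = 4, N_SC = 6 };
enum { R_NONE = 0, R_READ = 1, R_WRITE = 2, R_EXEC = 4 };

/* R[i][j]: rights of user mode i on security component j, stored densely as in Table 1. */
static const uint8_t R[N_USERS][N_SC] = {
    /* manufacturer */ { R_READ|R_WRITE|R_EXEC, R_READ|R_WRITE, R_READ|R_WRITE, R_READ, R_READ, R_READ },
    /* vendor       */ { R_READ|R_WRITE, R_READ, R_READ, R_NONE, R_NONE, R_NONE },
    /* operator     */ { R_READ, R_READ, R_NONE, R_NONE, R_NONE, R_NONE },
    /* home user    */ { R_READ, R_NONE, R_NONE, R_NONE, R_NONE, R_NONE },
};

/* Bounds-checked lookup that fails closed: an unknown user or component gets no rights. */
uint8_t rights(size_t user, size_t sc) {
    return (user < N_USERS && sc < N_SC) ? R[user][sc] : R_NONE;
}

/* Number of cells that exist only to say "no access". */
size_t deny_cells(void) {
    size_t n = 0;
    for (size_t i = 0; i < N_USERS; i++)
        for (size_t j = 0; j < N_SC; j++)
            if (R[i][j] == R_NONE) n++;
    return n;
}

/* Components on which two concurrently active user modes hold different rights. */
size_t conflicts(size_t a, size_t b) {
    size_t n = 0;
    for (size_t j = 0; j < N_SC; j++)
        if (rights(a, j) != rights(b, j)) n++;
    return n;
}

/* Assumed conservative resolution (not from the text): grant only rights both modes hold. */
uint8_t effective_rights(size_t a, size_t b, size_t sc) {
    return rights(a, sc) & rights(b, sc);
}

int main(void) {
    printf("deny cells: %zu of %zu\n", deny_cells(), (size_t)N_USERS * N_SC);
    printf("vendor/operator conflicts: %zu\n", conflicts(1, 2));
    return 0;
}
```

With these constructed values, half of the stored cells carry no rights at all, and every added user mode or component adds a full row or column regardless of how many of its cells differ from the default.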
Specifying access conditions and/or operations in a manner that overcomes at least some of the limitations presented by a security management that is based on an access control matrix implemented as a two-dimensional array may result in a more versatile secure access control management mechanism for multimedia systems.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.